hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

185 Commits

Author SHA1 Message Date
Tony Torralba
da4049e25c Go: Migrate AppenderOrSprinter model to models-as-data 2024-01-09 16:35:47 +01:00
amammad
accc09fd8c Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. shorter model summary. change target from getACall() to getACall().getResult(.). better tests 2023-11-25 13:36:06 +01:00
amammad
2ad59a5403 fix SSRF sinks 2023-11-21 18:46:35 +01:00
amammad
9f8871746b add flow summary instead of additional flow steps 2023-11-02 20:12:50 +01:00
Chris Smowton
0129167cc4 Convert Beego's MapGet method to MaD 2023-04-12 14:19:06 +01:00
Chris Smowton
b86f0cf268 Sort models 2023-04-12 14:19:06 +01:00
Chris Smowton
12527e406b Remove unnecessary model 
This referred to a private type
 2023-04-12 14:19:05 +01:00
Chris Smowton
3cea01b6c8 Fix functions with multiple models 
In some cases multiple return value outputs can be coalesced, and in others we had accidentally conflated two independent flows (e.g. Arg1 -> Arg2 | Arg3 -> Arg4 led to accidentally introducing Arg1 -> Arg4 and Arg3 -> Arg2)
 2023-04-12 14:19:05 +01:00
Chris Smowton
4a89dbc498 Revert "Remove unnecessary models" 
This reverts commit 12eaedc188487275e8cd6bed4a4318fed4d4b752.

We can't do this now, because there is nothing to guarantee an interface has actually been extracted, and therefore whether a model will get applied. Therefore explicitly modelling methods that may be interface implementations where the interface is in a different package may still make a difference to behaviour.
 2023-04-12 14:19:05 +01:00
Chris Smowton
ed56461ed7 Remove unnecessary models 
These are inherited from Stringer, Reader, Writer and BinaryMarshaler
 2023-04-12 14:19:05 +01:00
Chris Smowton
1a7927d3a1 Fix x/net/html.EscapeString modelling 
This had never worked due to accidentally extending non-abstract class HtmlEscapeFunction; consequently it was neither a taint propagator in general, nor an HTML escape function. Added tests to ensure it is now behaving as intended.
 2023-04-12 14:19:04 +01:00
Chris Smowton
aaa7f34386 Fix mixing of source and summary models 2023-04-12 14:19:04 +01:00
Chris Smowton
9447dfd636 Combine net/http models 2023-04-12 14:19:03 +01:00
Chris Smowton
0d306e6189 Restore versioning to one more protobuf model 2023-04-12 14:19:03 +01:00
Chris Smowton
2658a47f21 Remove another protobuf instance now handled in Protobuf.qll 2023-04-12 14:19:03 +01:00
Chris Smowton
a16d56258f Clean up protobuf models 2023-04-12 14:19:03 +01:00
Chris Smowton
95a9fcae47 Remove spurious model 
This referenced a test-specific package; these protobuf models are more than MaD can specify, so they have already moved back into Protobuf.qll.
 2023-04-12 14:19:03 +01:00
Chris Smowton
0d66b68a56 Restore more package / subpackage boundaries and alternate package names 
Note none of these alternate names are apparently tested, either before or afterwards.
 2023-04-12 14:19:03 +01:00
Chris Smowton
5e121fb4fd Restore Couchbase alternate package names 2023-04-12 14:19:03 +01:00
Chris Smowton
fd16c03fcf Add Beego v2 models 2023-04-12 14:19:02 +01:00
Chris Smowton
172ff082d3 Default to tolerating multiple package versions 
Subpackages still need to use the $ANYVERSION trick
 2023-04-12 14:19:02 +01:00
Chris Smowton
2024747827 Add missing tests for html.Node taint propagators 
The TaintTracking::FunctionModels for these appeared broken, so I suspect they had never worked.
 2023-04-12 14:19:02 +01:00
Chris Smowton
8f4567349d Add missing NewTokenizerFragment model and test 2023-04-12 14:19:02 +01:00
Chris Smowton
803b9d38cc Add missing tests and models for json-patch 2023-04-12 14:19:02 +01:00
Chris Smowton
5e74930881 Add missing tests and models for go-pg/pg/orm.Formatter 2023-04-12 14:19:02 +01:00
Chris Smowton
c011e013e1 fixup restoration of variadic models 2023-04-12 14:19:01 +01:00
Chris Smowton
c8407ba323 Revert variadic functions to use non-MaD models 2023-04-12 14:19:01 +01:00
Chris Smowton
9c45192a4e Remove spurious duplicate models 2023-04-12 14:19:00 +01:00
Chris Smowton
c242c28af9 Use $ANYVERSION to allow applying a model to all versions of a given package 2023-04-12 14:19:00 +01:00
Chris Smowton
f36a2143f5 Accept more test changes; add some missing models 2023-04-12 14:19:00 +01:00
Chris Smowton
d49840ee8e Restore mistakenly-deleted models 2023-04-12 14:19:00 +01:00
Chris Smowton
e98c70c482 Restore mistakenly deleted model 2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445 Go: mass-convert taint-flow models to models-as-data format 2023-04-12 14:18:44 +01:00
Michael Nebel
218f553fef Go: Convert remaining CSV production models to use data extensions. 2023-01-12 11:13:33 +01:00
Michael Nebel
ebb3485a73 Go: Use the extensible predicates for model definitions. 2023-01-12 11:13:33 +01:00